Action not permitted
Modal body text goes here.
Modal Title
Modal Body
Vulnerability from csaf_ncscnl
Published
2024-05-15 12:47
Modified
2024-05-15 12:47
Summary
Kwetsbaarheden verholpen in Apple iOS en iPadOS
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Apple heeft kwetsbaarheden verholpen in iOS en iPadOS.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Denial-of-Service (DoS)
- (Remote) code execution (Administrator/Root rechten)
- (Remote) code execution (Gebruikersrechten)
- Toegang tot gevoelige gegevens
- Toegang tot systeemgegevens
- Verhoogde gebruikersrechten
Interpretaties
Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren en draaien, of een malafide link te volgen.
Oplossingen
Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen in iOS en iPadOS 17.5
Kans
medium
Schade
high
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE-284
Improper Access Control
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Apple heeft kwetsbaarheden verholpen in iOS en iPadOS.", "title": "Feiten" }, { "category": "description", "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- Toegang tot gevoelige gegevens\n- Toegang tot systeemgegevens\n- Verhoogde gebruikersrechten", "title": "Interpretaties" }, { "category": "description", "text": "Voor succesvol misbruik moet de kwaadwillende het slachtoffer misleiden een malafide app te installeren en draaien, of een malafide link te volgen.", "title": "Interpretaties" }, { "category": "description", "text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen in iOS en iPadOS 17.5", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "title": "CWE-119" }, { "category": "general", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" }, { "category": "general", "text": "Improper Access Control", "title": "CWE-284" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Source - apple", "url": "https://support.apple.com/en-us/HT214101" } ], "title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS", "tracking": { "current_release_date": "2024-05-15T12:47:39.940581Z", "id": "NCSC-2024-0219", "initial_release_date": "2024-05-15T12:47:39.940581Z", "revision_history": [ { "date": "2024-05-15T12:47:39.940581Z", "number": "0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "ios_and_ipados", "product": { "name": "ios_and_ipados", "product_id": "CSAFPID-551327", "product_identification_helper": { "cpe": "cpe:2.3:a:apple:ios_and_ipados:*:*:*:*:*:*:*:*" } } } ], "category": "vendor", "name": "apple" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-27804", "references": [ { "category": "self", "summary": "CVE-2024-27804", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27804.json" } ], "title": "CVE-2024-27804" }, { "cve": "CVE-2024-27816", "references": [ { "category": "self", "summary": "CVE-2024-27816", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27816.json" } ], "title": "CVE-2024-27816" }, { "cve": "CVE-2024-27841", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" } ], "references": [ { "category": "self", "summary": "CVE-2024-27841", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27841.json" } ], "title": "CVE-2024-27841" }, { "cve": "CVE-2024-27839", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" } ], "references": [ { "category": "self", "summary": "CVE-2024-27839", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27839.json" } ], "title": "CVE-2024-27839" }, { "cve": "CVE-2024-27818", "references": [ { "category": "self", "summary": "CVE-2024-27818", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27818.json" } ], "title": "CVE-2024-27818" }, { "cve": "CVE-2023-42893", "references": [ { "category": "self", "summary": "CVE-2023-42893", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-42893.json" } ], "title": "CVE-2023-42893" }, { "cve": "CVE-2024-27810", "references": [ { "category": "self", "summary": "CVE-2024-27810", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27810.json" } ], "title": "CVE-2024-27810" }, { "cve": "CVE-2024-27852", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "other", "text": "Exposure of Sensitive Information to an Unauthorized Actor", "title": "CWE-200" } ], "references": [ { "category": "self", "summary": "CVE-2024-27852", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27852.json" } ], "title": "CVE-2024-27852" }, { "cve": "CVE-2024-27835", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "notes": [ { "category": "other", "text": "Improper Access Control", "title": "CWE-284" } ], "references": [ { "category": "self", "summary": "CVE-2024-27835", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27835.json" } ], "title": "CVE-2024-27835" }, { "cve": "CVE-2024-27803", "references": [ { "category": "self", "summary": "CVE-2024-27803", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27803.json" } ], "title": "CVE-2024-27803" }, { "cve": "CVE-2024-27821", "references": [ { "category": "self", "summary": "CVE-2024-27821", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27821.json" } ], "title": "CVE-2024-27821" }, { "cve": "CVE-2024-27847", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "notes": [ { "category": "other", "text": "Improper Access Control", "title": "CWE-284" } ], "references": [ { "category": "self", "summary": "CVE-2024-27847", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27847.json" } ], "title": "CVE-2024-27847" }, { "cve": "CVE-2024-27796", "references": [ { "category": "self", "summary": "CVE-2024-27796", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27796.json" } ], "title": "CVE-2024-27796" }, { "cve": "CVE-2024-27834", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "other", "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer", "title": "CWE-119" } ], "references": [ { "category": "self", "summary": "CVE-2024-27834", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-27834.json" } ], "title": "CVE-2024-27834" } ] }
cve-2024-27818
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-08-02 00:41
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipados", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "macos", "vendor": "apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-27818", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T04:00:15.843768Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-24T15:49:30.214Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.442Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214106" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214100" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214106" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214101" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to cause unexpected app termination or arbitrary code execution." } ], "problemTypes": [ { "descriptions": [ { "description": "An attacker may be able to cause unexpected app termination or arbitrary code execution", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T23:00:51.988Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "https://support.apple.com/en-us/HT214106" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "https://support.apple.com/kb/HT214100" }, { "url": "https://support.apple.com/kb/HT214106" }, { "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "url": "https://support.apple.com/kb/HT214101" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27818", "datePublished": "2024-05-13T23:00:51.988Z", "dateReserved": "2024-02-26T15:32:28.520Z", "dateUpdated": "2024-08-02T00:41:55.442Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27810
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-08-02 00:41
Severity ?
EPSS score ?
Summary
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to read sensitive location information.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:apple:watchos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "watchos", "vendor": "apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipad_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tvos", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "macos", "vendor": "apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27810", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T15:29:16.213724Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-28", "description": "CWE-28 Path Traversal: \u0027..\\filedir\u0027", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-31T18:25:50.048Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.379Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214106" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214104" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214102" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/17" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214107" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214102" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214104" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214105" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214106" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/16" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214101" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to read sensitive location information." } ], "problemTypes": [ { "descriptions": [ { "description": "An app may be able to read sensitive location information", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T23:00:55.661Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "https://support.apple.com/en-us/HT214106" }, { "url": "https://support.apple.com/en-us/HT214104" }, { "url": "https://support.apple.com/en-us/HT214102" }, { "url": "http://seclists.org/fulldisclosure/2024/May/17" }, { "url": "https://support.apple.com/kb/HT214107" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "https://support.apple.com/kb/HT214102" }, { "url": "https://support.apple.com/kb/HT214104" }, { "url": "https://support.apple.com/kb/HT214105" }, { "url": "https://support.apple.com/kb/HT214106" }, { "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "url": "http://seclists.org/fulldisclosure/2024/May/16" }, { "url": "https://support.apple.com/kb/HT214101" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27810", "datePublished": "2024-05-13T23:00:55.661Z", "dateReserved": "2024-02-26T15:32:28.519Z", "dateUpdated": "2024-08-02T00:41:55.379Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27835
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-08-29 19:20
Severity ?
EPSS score ?
Summary
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.822Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214101" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipad_os", "vendor": "apple", "versions": [ { "lessThanOrEqual": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "iphone_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27835", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-07T13:58:46.072176Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-29T19:20:14.688Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to access notes from the lock screen." } ], "problemTypes": [ { "descriptions": [ { "description": "An attacker with physical access to an iOS device may be able to access notes from the lock screen", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T23:00:50.448Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "https://support.apple.com/kb/HT214101" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27835", "datePublished": "2024-05-13T23:00:50.448Z", "dateReserved": "2024-02-26T15:32:28.527Z", "dateUpdated": "2024-08-29T19:20:14.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27847
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-08-02 00:41
Severity ?
EPSS score ?
Summary
This issue was addressed with improved checks This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to bypass Privacy preferences.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipad_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "-", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "iphone_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "-", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "macos", "vendor": "apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "-", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27847", "options": [ { "Exploitation": "None" }, { "Automatable": "Yes" }, { "Technical Impact": "Total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T04:00:15.091109Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-277", "description": "CWE-277 Insecure Inherited Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:47:27.345Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214106" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214107" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214105" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214100" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214106" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214101" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "This issue was addressed with improved checks This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to bypass Privacy preferences." } ], "problemTypes": [ { "descriptions": [ { "description": "An app may be able to bypass Privacy preferences", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T23:00:55.278Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "https://support.apple.com/en-us/HT214106" }, { "url": "https://support.apple.com/kb/HT214107" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "https://support.apple.com/kb/HT214105" }, { "url": "https://support.apple.com/kb/HT214100" }, { "url": "https://support.apple.com/kb/HT214106" }, { "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "url": "https://support.apple.com/kb/HT214101" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27847", "datePublished": "2024-05-13T23:00:55.278Z", "dateReserved": "2024-02-26T15:32:28.531Z", "dateUpdated": "2024-08-02T00:41:55.382Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27852
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-11-01 20:10
Severity ?
EPSS score ?
Summary
A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
|
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27852", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T14:20:02.192301Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-01T20:10:12.913Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.507Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214101" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed with improved client ID handling for alternative app marketplaces. This issue is fixed in iOS 17.5 and iPadOS 17.5. A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages." } ], "problemTypes": [ { "descriptions": [ { "description": "A maliciously crafted webpage may be able to distribute a script that tracks users on other webpages", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T23:00:47.471Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "https://support.apple.com/kb/HT214101" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27852", "datePublished": "2024-05-13T23:00:47.471Z", "dateReserved": "2024-02-26T15:32:28.532Z", "dateUpdated": "2024-11-01T20:10:12.913Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-42893
Vulnerability from cvelistv5
Published
2024-03-28 15:39
Modified
2024-08-27 16:26
Severity ?
EPSS score ?
Summary
A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data.
References
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.2 |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:30:24.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214035" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214034" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214038" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214040" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214037" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214036" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214041" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214106" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214101" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipados", "vendor": "apple", "versions": [ { "lessThan": "16.7.3", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "17.2", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "macos", "vendor": "apple", "versions": [ { "lessThan": "12.7.2", "status": "affected", "version": "12.0", "versionType": "custom" }, { "lessThan": "13.6.3", "status": "affected", "version": "13.0", "versionType": "custom" }, { "lessThan": "14.2", "status": "affected", "version": "14.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tvos", "vendor": "apple", "versions": [ { "lessThan": "17.2", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:apple:watchos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "watchos", "vendor": "apple", "versions": [ { "lessThan": "10.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-42893", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-27T16:21:25.001079Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-27T16:26:21.652Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "16.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "13.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "17.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "12.7", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "10.2", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Monterey 12.7.2, macOS Ventura 13.6.3, iOS 17.2 and iPadOS 17.2, iOS 16.7.3 and iPadOS 16.7.3, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. An app may be able to access protected user data." } ], "problemTypes": [ { "descriptions": [ { "description": "An app may be able to access protected user data", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-28T15:39:12.081Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214035" }, { "url": "https://support.apple.com/en-us/HT214034" }, { "url": "https://support.apple.com/en-us/HT214038" }, { "url": "https://support.apple.com/en-us/HT214040" }, { "url": "https://support.apple.com/en-us/HT214037" }, { "url": "https://support.apple.com/en-us/HT214036" }, { "url": "https://support.apple.com/en-us/HT214041" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "https://support.apple.com/kb/HT214106" }, { "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "url": "https://support.apple.com/kb/HT214101" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2023-42893", "datePublished": "2024-03-28T15:39:12.081Z", "dateReserved": "2023-09-14T19:05:11.460Z", "dateUpdated": "2024-08-27T16:26:21.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27803
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-08-02 00:41
Severity ?
EPSS score ?
Summary
A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-27803", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T16:04:14.278783Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:46:44.628Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.161Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214101" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A permissions issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access may be able to share items from the lock screen." } ], "problemTypes": [ { "descriptions": [ { "description": "An attacker with physical access may be able to share items from the lock screen", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T23:00:49.678Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "https://support.apple.com/kb/HT214101" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27803", "datePublished": "2024-05-13T23:00:49.678Z", "dateReserved": "2024-02-26T15:32:28.517Z", "dateUpdated": "2024-08-02T00:41:55.161Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27841
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-08-02 00:41
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "macos", "vendor": "apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipad_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "iphone_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27841", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-14T03:56:14.075799Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-31T19:26:45.365Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.723Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214106" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214106" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214101" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An app may be able to disclose kernel memory." } ], "problemTypes": [ { "descriptions": [ { "description": "An app may be able to disclose kernel memory", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T23:00:53.803Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "https://support.apple.com/en-us/HT214106" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "https://support.apple.com/kb/HT214106" }, { "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "url": "https://support.apple.com/kb/HT214101" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27841", "datePublished": "2024-05-13T23:00:53.803Z", "dateReserved": "2024-02-26T15:32:28.529Z", "dateUpdated": "2024-08-02T00:41:55.723Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27834
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-08-02 00:41
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipad_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "macos", "vendor": "apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tvos", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "watchos", "vendor": "apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "iphone_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27834", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T04:00:11.988391Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-277", "description": "CWE-277 Insecure Inherited Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-06T15:23:00.293Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.789Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214106" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214104" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214103" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214102" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/17" }, { "tags": [ "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/05/21/1" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/9" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/16" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "Safari", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication." } ], "problemTypes": [ { "descriptions": [ { "description": "An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T23:00:50.836Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "https://support.apple.com/en-us/HT214106" }, { "url": "https://support.apple.com/en-us/HT214104" }, { "url": "https://support.apple.com/en-us/HT214103" }, { "url": "https://support.apple.com/en-us/HT214102" }, { "url": "http://seclists.org/fulldisclosure/2024/May/17" }, { "url": "http://www.openwall.com/lists/oss-security/2024/05/21/1" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "http://seclists.org/fulldisclosure/2024/May/9" }, { "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "url": "http://seclists.org/fulldisclosure/2024/May/16" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WKIXADCW3O4R2OOSDZGPU55XQFE6NA3M/" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ADCLQW54XN37VJZNYD3UKCYATJFIMYXG/" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27834", "datePublished": "2024-05-13T23:00:50.836Z", "dateReserved": "2024-02-26T15:32:28.527Z", "dateUpdated": "2024-08-02T00:41:55.789Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27804
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-08-02 00:41
Severity ?
EPSS score ?
Summary
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "watchos", "vendor": "apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipad_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "iphone_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "tvos", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "macos", "vendor": "apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27804", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T04:00:16.579332Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1325", "description": "CWE-1325 Improperly Controlled Sequential Memory Allocation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-30T14:50:52.579Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214106" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214104" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214102" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/17" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214102" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214104" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214106" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/16" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214101" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214123" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Jul/23" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An app may be able to execute arbitrary code with kernel privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An app may be able to execute arbitrary code with kernel privileges", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T23:00:48.211Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "https://support.apple.com/en-us/HT214106" }, { "url": "https://support.apple.com/en-us/HT214104" }, { "url": "https://support.apple.com/en-us/HT214102" }, { "url": "http://seclists.org/fulldisclosure/2024/May/17" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "https://support.apple.com/kb/HT214102" }, { "url": "https://support.apple.com/kb/HT214104" }, { "url": "https://support.apple.com/kb/HT214106" }, { "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "url": "http://seclists.org/fulldisclosure/2024/May/16" }, { "url": "https://support.apple.com/kb/HT214101" }, { "url": "https://support.apple.com/kb/HT214123" }, { "url": "http://seclists.org/fulldisclosure/2024/Jul/23" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27804", "datePublished": "2024-05-13T23:00:48.211Z", "dateReserved": "2024-02-26T15:32:28.517Z", "dateUpdated": "2024-08-02T00:41:55.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27796
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-08-02 00:41
Severity ?
EPSS score ?
Summary
The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to elevate privileges.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:apple:ipad_os:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipad_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "-", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "iphone_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "-", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "macos", "vendor": "apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "-", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27796", "options": [ { "Exploitation": "None" }, { "Automatable": "Yes" }, { "Technical Impact": "Total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T04:00:13.545424Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1325", "description": "CWE-1325 Improperly Controlled Sequential Memory Allocation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:47:25.690Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214106" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214107" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214105" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214100" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214106" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214101" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. An attacker may be able to elevate privileges." } ], "problemTypes": [ { "descriptions": [ { "description": "An attacker may be able to elevate privileges", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T23:00:54.914Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "https://support.apple.com/en-us/HT214106" }, { "url": "https://support.apple.com/kb/HT214107" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "https://support.apple.com/kb/HT214105" }, { "url": "https://support.apple.com/kb/HT214100" }, { "url": "https://support.apple.com/kb/HT214106" }, { "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "url": "https://support.apple.com/kb/HT214101" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27796", "datePublished": "2024-05-13T23:00:54.914Z", "dateReserved": "2024-02-26T15:32:28.515Z", "dateUpdated": "2024-08-02T00:41:55.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27821
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-08-02 00:41
Severity ?
EPSS score ?
Summary
A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent.
References
Impacted products
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "macos", "vendor": "apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "watchos", "vendor": "apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:ios:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ios", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipad_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27821", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-29T17:36:34.101116Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-31T18:18:38.684Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:54.861Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214106" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214104" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214104" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214106" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/16" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214101" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A path handling issue was addressed with improved validation. This issue is fixed in iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5. A shortcut may output sensitive user data without consent." } ], "problemTypes": [ { "descriptions": [ { "description": "A shortcut may output sensitive user data without consent", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T23:00:53.440Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "https://support.apple.com/en-us/HT214106" }, { "url": "https://support.apple.com/en-us/HT214104" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "https://support.apple.com/kb/HT214104" }, { "url": "https://support.apple.com/kb/HT214106" }, { "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "url": "http://seclists.org/fulldisclosure/2024/May/16" }, { "url": "https://support.apple.com/kb/HT214101" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27821", "datePublished": "2024-05-13T23:00:53.440Z", "dateReserved": "2024-02-26T15:32:28.523Z", "dateUpdated": "2024-08-02T00:41:54.861Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27816
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-11-06 18:51
Severity ?
EPSS score ?
Summary
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker may be able to access user data.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27816", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-14T17:02:32.436341Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-noinfo Not enough information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T18:51:17.247Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214106" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214104" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214102" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/17" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214102" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214104" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214106" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/16" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214101" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "macOS", "vendor": "Apple", "versions": [ { "lessThan": "14.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "watchOS", "vendor": "Apple", "versions": [ { "lessThan": "10.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] }, { "product": "tvOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A logic issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. An attacker may be able to access user data." } ], "problemTypes": [ { "descriptions": [ { "description": "An attacker may be able to access user data", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T23:00:54.182Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "https://support.apple.com/en-us/HT214106" }, { "url": "https://support.apple.com/en-us/HT214104" }, { "url": "https://support.apple.com/en-us/HT214102" }, { "url": "http://seclists.org/fulldisclosure/2024/May/17" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "https://support.apple.com/kb/HT214102" }, { "url": "https://support.apple.com/kb/HT214104" }, { "url": "https://support.apple.com/kb/HT214106" }, { "url": "http://seclists.org/fulldisclosure/2024/May/12" }, { "url": "http://seclists.org/fulldisclosure/2024/May/16" }, { "url": "https://support.apple.com/kb/HT214101" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27816", "datePublished": "2024-05-13T23:00:54.182Z", "dateReserved": "2024-02-26T15:32:28.520Z", "dateUpdated": "2024-11-06T18:51:17.247Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-27839
Vulnerability from cvelistv5
Published
2024-05-13 23:00
Modified
2024-10-29 14:45
Severity ?
EPSS score ?
Summary
A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user's current location.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apple | iOS and iPadOS |
Version: unspecified < 17.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T00:41:55.719Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://support.apple.com/en-us/HT214101" }, { "tags": [ "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT214101" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "iphone_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ipad_os", "vendor": "apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-27839", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-07T17:55:32.224378Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-203", "description": "CWE-203 Observable Discrepancy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-29T14:45:42.988Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "iOS and iPadOS", "vendor": "Apple", "versions": [ { "lessThan": "17.5", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in iOS 17.5 and iPadOS 17.5. A malicious application may be able to determine a user\u0027s current location." } ], "problemTypes": [ { "descriptions": [ { "description": "A malicious application may be able to determine a user\u0027s current location", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-13T23:00:50.063Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple" }, "references": [ { "url": "https://support.apple.com/en-us/HT214101" }, { "url": "http://seclists.org/fulldisclosure/2024/May/10" }, { "url": "https://support.apple.com/kb/HT214101" } ] } }, "cveMetadata": { "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2024-27839", "datePublished": "2024-05-13T23:00:50.063Z", "dateReserved": "2024-02-26T15:32:28.529Z", "dateUpdated": "2024-10-29T14:45:42.988Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.